<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">
Oct 7, 2020 6:42:12 AM
Dmitry Tkachuk
Dmitry Tkachuk
Imunify Security, Product Owner

Release Notes: Imunify360 v.5.3 beta

 

IM-beta-release

We’re pleased to announce that a new beta version of Imunify360, version 5.3, is now available. The following features are new in the v5.3 beta release:

    • Bulk restore from the backup
      Optimized backup restoration procedure speeds up file recovering in bulk, providing unseen performance.
    • cgroups for Malware Scanner
      Extended resource limitation mechanics supports cgroups, providing better control over resources in the Malware Scanner on CentOS 7, 8, and Ubuntu.
    • Proactive Defense rules delivery
      The new way to deliver Proactive Defense rules provides a set of notable improvements.
    • Features enabled in the Settings
      Some features became enabled for new Imunify360 installations by default.
    • New Default Settings
      The new default settings in the Imunify360’s Malware Scanner and WAF allow performing faster and detect more malware.

Let’s review the changes in version 5.3: 

Bulk restore from backup

We’ve greatly reworked Malware Scanner and made it ready for bulk operations. Optimized workflow for batches performs much faster as they can be grouped, and similar operations can be executed only once. That allows Imunify360 v5.3 to restore from the backup up to 100x faster and consume fewer resources for that.

Best seen on big restore-batches, which usually caused by the scanning with the “Try to restore from backup first” feature enabled or by manual “Try to restore clean version from backup” requests on big volumes.

cgroups for Malware Scanner

Imunify360 v5.3 utilizes cgroups for the CPU and IO resource management during on-demand and background scans. It limits filesystem and CPU load according to configured “intensity level”, avoiding spikes and smoothly spreading the load.

That is useful for non-CloudLinux OS systems where LVE is not available. Earlier CentOS 7/8 systems required the CFQ scheduler to be available for the ionice priorities schedule. Now, Imunify360 v5.3 doesn’t depend on CFQ. Further installations on Debian systems will also rely on cgroups support for resource management.

Proactive Defense rules delivery

Imunify360 is now capable of updating Proactive Defense protection rules in real-time. The new delivery system has a set of advantages:

  • Protection rules now can be updated instantly without the Imunify360 complete suite releasing. This improvement significantly reduces the release cycle and makes the delivery process quicker.
  • Quick rules delivery allows extremely fast reaction on zero-day attacks and immediately update server protection as soon as it was developed by the Imunify operation department yet keeping the entire release process safe and reliable.
  • The fail-safe update technique allows applying embedded rules in case of any network failure during the update process.

Stable features

The features previously marked as “experimental” have been tested carefully during several releases, and now they are ready for regular usage:

  • General → Installation → Privilege escalation detection & protection
    The KernelCare extension for Imunify360 allows tracing malicious execution flows to detect privilege escalation attempts.
  • General → WAF settings → Apply CMS-specific WAF Rules
    Optimizes WAF rules on a per-domain basis, considering the web applications installed on the website (WordPress, Joomla, Drupal, etc.).
  • General → PAM → PAM brute-force attack protection
    Advanced SSH/FTP brute-force protection technique based on the combination of PAM module authorization, RBL check, and IP blacklisting.
  • Malware → General → Optimize real-time scan
    Enables the File Change API or fanotify service support for Malware Scanner to reduce the system load while watching for file changes.
  • Malware → General → Binary (ELF) malware detection
    Allows Malware Scanner to trigger on ELF-binaries in user home directories (which is uncommon) and mark them as malicious.

New Default Settings

The new default settings will be applied to all new installations of Imunify360. The following features enabled by default:

  • Optimize real-time scan;
  • Binary (ELF) malware detection;
  • Apply CMS-specific WAF Rules.

Additional information

Imunify360 v5.3 includes 78 tasks and 10 bug fixes.

Internal records

Important tasks and issues linked to support tickets.

DEF-13801
DEF-13824
DEF-13825
DEF-13826
DEF-13889
DEF-13910
DEF-13929
DEF-13944
DEF-13958
DEF-13967
DEF-13977		 Greatly improved detection rate and malicious code deobfuscator.
DEF-13991
DEF-14125		 Fixed the improper redirecting WebShield issue in rare cases.
DEF-13627
DEF-13634		 Fixed empty rbl_whitelist file after ModSecurity vendor update on cPanel.

DEF-13899
DEF-13911

 Improved runtime errors handling in Malware Scanner

DEF-13999
DEF-14044
DEF-14065

 Allow outgoing traffic to white-listed IPs.

DEF-13641
DEF-13677

 Improved handling of messages from AI-Bolit.
DEF-13812 Extended commands in ImunifyAV(+). “malware rebuild patterns” - now available.
DEF-13916
DEF-13928		 Improved PAM service reliability. Unified service name and code refactoring.
DEF-13208 Improved AI-Bolit performance by the file filtering mechanics improvement.
DEF-13897 Malware Database Scanner got updated snippets formatting.

Stay in touch

Please give our product team feedback on this version 5.3 release, or share your ideas and feature requests via feedback@imunify360.com.

If you encounter any problems with this beta release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.

How to install

To install the new Imunify360 beta v.5.3, please follow the instructions in the documentation.

How to upgrade

To upgrade Imunify360 on CentOS/CloudLinux systems, run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

To upgrade Imunify360 on Ubuntu 16.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/16.04/ xenial main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Ubuntu 18.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/18.04/ bionic main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

Release Notes: Imunify360 v.5.3 beta

Oct 7, 2020 6:42:12 AM
Dmitry Tkachuk Dmitry Tkachuk

 

IM-beta-release

We’re pleased to announce that a new beta version of Imunify360, version 5.3, is now available. The following features are new in the v5.3 beta release:

    • Bulk restore from the backup
      Optimized backup restoration procedure speeds up file recovering in bulk, providing unseen performance.
    • cgroups for Malware Scanner
      Extended resource limitation mechanics supports cgroups, providing better control over resources in the Malware Scanner on CentOS 7, 8, and Ubuntu.
    • Proactive Defense rules delivery
      The new way to deliver Proactive Defense rules provides a set of notable improvements.
    • Features enabled in the Settings
      Some features became enabled for new Imunify360 installations by default.
    • New Default Settings
      The new default settings in the Imunify360’s Malware Scanner and WAF allow performing faster and detect more malware.

Let’s review the changes in version 5.3: 

Bulk restore from backup

We’ve greatly reworked Malware Scanner and made it ready for bulk operations. Optimized workflow for batches performs much faster as they can be grouped, and similar operations can be executed only once. That allows Imunify360 v5.3 to restore from the backup up to 100x faster and consume fewer resources for that.

Best seen on big restore-batches, which usually caused by the scanning with the “Try to restore from backup first” feature enabled or by manual “Try to restore clean version from backup” requests on big volumes.

cgroups for Malware Scanner

Imunify360 v5.3 utilizes cgroups for the CPU and IO resource management during on-demand and background scans. It limits filesystem and CPU load according to configured “intensity level”, avoiding spikes and smoothly spreading the load.

That is useful for non-CloudLinux OS systems where LVE is not available. Earlier CentOS 7/8 systems required the CFQ scheduler to be available for the ionice priorities schedule. Now, Imunify360 v5.3 doesn’t depend on CFQ. Further installations on Debian systems will also rely on cgroups support for resource management.

Proactive Defense rules delivery

Imunify360 is now capable of updating Proactive Defense protection rules in real-time. The new delivery system has a set of advantages:

  • Protection rules now can be updated instantly without the Imunify360 complete suite releasing. This improvement significantly reduces the release cycle and makes the delivery process quicker.
  • Quick rules delivery allows extremely fast reaction on zero-day attacks and immediately update server protection as soon as it was developed by the Imunify operation department yet keeping the entire release process safe and reliable.
  • The fail-safe update technique allows applying embedded rules in case of any network failure during the update process.

Stable features

The features previously marked as “experimental” have been tested carefully during several releases, and now they are ready for regular usage:

  • General → Installation → Privilege escalation detection & protection
    The KernelCare extension for Imunify360 allows tracing malicious execution flows to detect privilege escalation attempts.
  • General → WAF settings → Apply CMS-specific WAF Rules
    Optimizes WAF rules on a per-domain basis, considering the web applications installed on the website (WordPress, Joomla, Drupal, etc.).
  • General → PAM → PAM brute-force attack protection
    Advanced SSH/FTP brute-force protection technique based on the combination of PAM module authorization, RBL check, and IP blacklisting.
  • Malware → General → Optimize real-time scan
    Enables the File Change API or fanotify service support for Malware Scanner to reduce the system load while watching for file changes.
  • Malware → General → Binary (ELF) malware detection
    Allows Malware Scanner to trigger on ELF-binaries in user home directories (which is uncommon) and mark them as malicious.

New Default Settings

The new default settings will be applied to all new installations of Imunify360. The following features enabled by default:

  • Optimize real-time scan;
  • Binary (ELF) malware detection;
  • Apply CMS-specific WAF Rules.

Additional information

Imunify360 v5.3 includes 78 tasks and 10 bug fixes.

Internal records

Important tasks and issues linked to support tickets.

DEF-13801
DEF-13824
DEF-13825
DEF-13826
DEF-13889
DEF-13910
DEF-13929
DEF-13944
DEF-13958
DEF-13967
DEF-13977		 Greatly improved detection rate and malicious code deobfuscator.
DEF-13991
DEF-14125		 Fixed the improper redirecting WebShield issue in rare cases.
DEF-13627
DEF-13634		 Fixed empty rbl_whitelist file after ModSecurity vendor update on cPanel.

DEF-13899
DEF-13911

 Improved runtime errors handling in Malware Scanner

DEF-13999
DEF-14044
DEF-14065

 Allow outgoing traffic to white-listed IPs.

DEF-13641
DEF-13677

 Improved handling of messages from AI-Bolit.
DEF-13812 Extended commands in ImunifyAV(+). “malware rebuild patterns” - now available.
DEF-13916
DEF-13928		 Improved PAM service reliability. Unified service name and code refactoring.
DEF-13208 Improved AI-Bolit performance by the file filtering mechanics improvement.
DEF-13897 Malware Database Scanner got updated snippets formatting.

Stay in touch

Please give our product team feedback on this version 5.3 release, or share your ideas and feature requests via feedback@imunify360.com.

If you encounter any problems with this beta release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.

How to install

To install the new Imunify360 beta v.5.3, please follow the instructions in the documentation.

How to upgrade

To upgrade Imunify360 on CentOS/CloudLinux systems, run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

To upgrade Imunify360 on Ubuntu 16.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/16.04/ xenial main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Ubuntu 18.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/18.04/ bionic main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall
Subscribe to Imunify security Newsletter
aicpa soc
pci-dss
eu gdpr compliant
© All rights reserved. Imunify360 and CloudLinux Backup are the registered trademarks of CloudLinux Inc.